Resources

The 2008 holiday seasons is upon us. During the holidays, rackAID operates on special hours and terms so our hard working staff can get a bit of R&R. Non service impacting request may not be handled until our next business day.

Christmas
rackAID will close at 12:00 Noon Dec 24th and re-open at 9:00AM Dec. 29th. Case-based support requests submitted after 12:00 Noon Dec. 24th may not be handled until Monday, Dec. 29th.

If you are subscribed to a server management package, your services will not be impacted. We ask that you please use the appropriate priority levels during the holidays. If something is urgent or critical, please use those levels. Staff will be working abbreviated schedules and on-call throughout the period.

New Years
rackAID will close at 12 noon Dec. 31st and re-open Jan 4th. Case based support requests submitted after 12 noon Dec 31st may not be handled until Jan 4th.

Just a heads up to our management clients at thePlanet:

ThePlanet has added an extra security feature to their Orbit account login. Users need to update their accounts to set a 'Verification Question' and Answer. Once these are set, you can log into your Orbit account as you normally would. You will not be prompted to choose a question and answer again. Please note, accounts cannot be accessed until the question and answer are set.

If you use Server Command, you will also need to login and update your account.

We rely on access to clients' Orbit accounts in case of outages and other emergencies. We've already had several cases this week where clients' accounts were not updated and our work to resolve issues was delayed. Please make sure you add your Verification Question and Answer to your accounts as soon as possible.

This week, Parallels released Plesk 9.0. The release includes a number of new features that should be particularly appealing to shared hosting providers.

New features of Plesk 9.0 include:

Reseller Level: Administrators can now add reseller accounts. Resellers can then login and manage their own clients and domains.

Parallels Plesk Billing (formerly Modern Bill) is accessible directly from the Plesk Panel.

The Application Packaging Standard Catalog is available within Plesk. You can select applications to add to your Application Vault as needed.

Postfix Support: An alternative to Qmail, Plesk promises the switch from Qmail to Postfix is quick and easy.

There is also a very handy search available in the left-hand menu now. You can search through your Resellers, Clients or Domains in one place.

The interface for Plesk 9.0 has been redesigned, which some long-time Plesk users may find frustrating, but you can still adjust the interface skin to something more familiar. We strongly recommend checking out the demos and some of the screen shots available on Parallels website.

Note to those running RHEL 3: Plesk 9.0 does not support RHEL 3. Support for CentOS 3 was cut with Plesk 8.6. If you are interested in running Plesk 9.0, you will need to migrate to a supported OS.

For our management clients, don't expect to be upgraded before the new year. We are currently testing the new version and have no plans to push out upgrades for at least 4 to 6 weeks if not longer. At this time, until our testing is complete, we recommend Plesk 9.0 for new installations only.

In the past few years, rackAID has sent out holiday cards and sometimes trinkets to our clients with management contracts. This year, we have elected not to send out cards or gifts. We will instead donate those funds to a local charity group. We are still narrowing down our choices but several of the local food banks are having issues keeping items in stock.

We are considering Feeding America, formerly Second Harvest, as they have a good reputation in our area. They also get good marks over at Charity Navigator, an excellent resource for basic information about charitable giving.

This will be the first step in part of a formal giving program rackAID will establish in 2009. Though current economic conditions have slowed our growth, our business continues to grow at a double digit pace. We always like to be part of our community and charitable giving is just one route we will pursue. Currently, we are considering one international charity, such as Doctors Without Borders, and one local charity to be determined as part of our formal giving plan.

Our offices will be closed November 27th-28th for the Thanksgiving holiday. Emergency support will not be impacted. Case-based support requests confirmed after noon Nov. 26th will not be processed until the following week. Clients with manged servers or management plans should not be impacted.

Recently we migrated some servers to a new IP address. About a day after the migration, a client complained that their email was delayed. When we investigated, we found 10,000's of emails jamming up the queue.

The immediate suspects were a open relay, compromised user password or web application exploit. After ruling these out, we found the problem that was obvious in hindsight.

When we migrated the server, we used IPtables to forward IPs during DNS propagation. This meant clients would see minimal impact during the migration. Emails would go through, web sites would resolve and people can pop their mail.

When looking at the email queue, we saw that all emails came from the forwarding server. This was rather odd. We had actually tried to relay mail through the forwarding server but it failed.

As it turns out, the problem was with POP before SMTP. Due to the forwarding, the server was seeing the IP for the forwarding server not the client's IP. As a result, the forwarding server's IP would be whitelisted to send email for 10 minutes. Given the large number of email users on the system, I suspect it was open a large portion of the time.

A spam bot found the IP and considered it an open-relay and started flooding in the messages.

The lesson -- when using IP forwarding always consider any services that may cache the referring IP. We've seen this once before with DOS prevention type tools and bandwidth throttling systems. We had never considered the impact on POP before SMTP.

Of course, this is one reason why SMTP AUTH is preferred.

In recent news, there have been several reports of authorities finally shutting down some spam operations.

In September, Atrivo's upstream providers finally pulled the plug. The ISP had long been suspected of providing safe haven for spammers, botnet and malware operators. Atrivo was linked to a large botnet that powered the Storm Worm. The masters that controlled the botnet were apparently hosted by Atrivo. Once Atrivo was shutdown the botnet began to die off.

In October, a confidant of Alan Ralsky, a well know spam operator, agreed to testify against the persistent spammer, who's long been a member of Spamhuas' ROSKO list. Earlier this year, Ralsky was indicted for a "wide-ranging international fraud scheme involving the illegal use of bulk commercial e-mailing." Judy Devenow, one of Ralsky's crew, plead guilty to conspiracy and aiding fraud in a US Federal court. Devenow said she was paid US$150,000 to send e-mail and manage others from January 2004 through September 2005. According to Spamhaus, Devenow faces 33 months to 41 months in prison, but could get less time due to her co-operation with the feds.

This week, McColo was yanked offline as upstream providers severed their ties. According to the Washington Post, the firm was responsible for as much as 75% of email being blasted. As seen in the graph, Spamcop saw a huge drop in the number of reports sent after McColo was pulled offline. Brien Krebs has posted an interesting follow-up on the McColo story that includes a mind map of how involved the ISP was in nefarious internet activities.

Much of these successes have come through the work of security and network professionals. By analyzing traffic patterns, they can begin to reconstruct the sources of these bad players. While I've not seen any decrease yet in our own spam processing, I hope that these efforts will begin to have an impact.

rackAID, a leading managed service provider, announced today that they have joined the Red Hat Partner Program as a Red Hat Ready business partner. Though the partnership, rackAID expects to increase their Red Hat Enterprise Linux service offerings and develop business through co-marketing opportunities.

Continue reading "rackAID Joins Red Hat Ready Partner Program" »

One thing a partnership provides is education. ControlScan has notified us that Phase III of the PCI-DSS program is upon us (see the bulletin). If you are running an E-commerce shop or plan to, then you may want to review the upcoming changes in the PCI-DSS program. On October 1st, 2008, Phase III will be in effect. Under Phase III, banks cannot board new level 3 or 4 merchants that cannot attest to PCI compliance. If you need PCI compliance, now would be the time to get started. Best of all, ControlScan is providing a Free 14 day Trial for rackAID clients.

Continue reading "Get Ready for PCI Phase III with a Free PCI Scan" »

rackAID, a leading managed service provider, has joined the Jacksonville Chamber of Commerce and the IT Council. rackAID's president, Jeff Huckaby, expects the company's involvement in the IT council will enable rackAID to continue its rapid growth and service expansion.

Continue reading "rackAID Joins Jacksonville Chamber of Commerce and IT Council" »